[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results

To: undisclosed-recipients: ;
Subject: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 18 Oct 2018 01:49:00 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 17 Oct 2018 21:49:13 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#28100: Tor shouldn't set Content-Type: application/octet-stream when compressing
results
---------------------+------------------------------
 Reporter:  Hello71  |          Owner:  (none)
     Type:  defect   |         Status:  new
 Priority:  Medium   |      Component:  Core Tor/Tor
  Version:           |       Severity:  Normal
 Keywords:           |  Actual Points:
Parent ID:           |         Points:
 Reviewer:           |        Sponsor:
---------------------+------------------------------
 arma complained on IRC about his browser trying to download descriptor
 files instead of displaying them in the browser.

 I tracked this to tor replacing the Content-Type with application/octet-
 stream when compression is done.

 At least in modern HTTP, the Content-Type should not change with
 compression. You can see this by using curl --compressed -v or -I on any
 modern web server. Example:

 {{{
 $ curl --compressed -I https://www.torproject.org
 HTTP/1.1 200 OK
 Date: Thu, 18 Oct 2018 01:48:00 GMT
 Server: Apache
 Content-Location: index.html.en
 Vary: negotiate,Accept-Encoding
 TCN: choice
 X-Content-Type-Options: nosniff
 X-Frame-Options: sameorigin
 X-Xss-Protection: 1
 Referrer-Policy: no-referrer
 Strict-Transport-Security: max-age=15768000; preload
 Content-Security-Policy: default-src 'self'; script-src 'self'; style-src
 'self' 'unsafe-inline';
 Last-Modified: Wed, 17 Oct 2018 18:48:13 GMT
 ETag: "3ca6-578711cc71540-gzip"
 Accept-Ranges: bytes
 Content-Encoding: gzip
 Cache-Control: max-age=3600
 Expires: Thu, 18 Oct 2018 02:48:00 GMT
 Content-Length: 4049
 Content-Type: text/html
 Content-Language: en
 }}}

 I didn't really look hard for any specs. It's probably somewhere in some
 RFC, but as a practical matter, 100% of web servers do this and 100% of
 web clients expect this.

 I'm pretty sure this won't break Tor, since I searched the code for
 "content-type" and didn't find any results actually checking the type,
 only setting it.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28100>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #21600 [Core Tor/Tor]: Hidden service introduction point retries occur at 1 second intervals
Next by Author: [tor-bugs] #28017 [Applications/Tor Browser]: no sound on ALSA. MediaPlayback Warning OpenCubeb failed to init cubeb
Previous by thread: Re: [tor-bugs] #22233 [Core Tor/Tor]: Reconsider behavior on .z URLs with Accept-Encoding header
Next by thread: Re: [tor-bugs] #28100 [Core Tor/Tor]: Tor shouldn't set Content-Type: application/octet-stream when compressing results
Index(es):
- Author
- Thread